NOTE: To securely disclose sensitive or confidential information about products and services, please use PGP protected communication channel. For general information about Landis+Gyr products, services and general technical support, please use the Contact page or get in touch with your dedicated Sales contact point.
WHAT CAN YOU EXPECT AFTER SUBMITTING A REPORT ?
A core principle of Landis+Gyr is being a trusted partner in managing energy better. Landis+Gyr
encourages you to engage with us and follow the principles of coordinated vulnerability disclosure to minimize the risk of exploitation and help the industry. Please, find further information in
Landis+Gyr Vulnerability Management Policy Summary
"Vulnerabilities exist. It is the question, how they are handled, that make the difference."
Identification
 |
- Any person or organization is encouraged to submit a report or contact the Landis+Gyr productCERT team about a discovered security flaw or vulnerability within a Landis+Gyr product, solution, or services.
- Provide a clear consent on disclosing identity or contact information in further reports to Landis+Gyr partners, customers, or the wish to stay anonymous.
- To protect sensitive and confidential information by using encrypted communication.
- Submitted reports will be acknowledged upon receipt by productCERT coordinator for follow-up on findings and agreement on further steps.
- Landis+Gyr will acknowledge receipt to all elevated submitted reports in a swift and transparent manner.
|
Assessment
 |
- Landis+Gyr productCERT will analyze the report, verify the information, and validate the findings with the reporter to coordinate further activities.
- The assessment of a validated vulnerability will usually go beyond the reported scope, to identify related problems in other products and services.
- Depending on the severity and impact of the associated security flaw, Landis+Gyr will engage additional communication to notify partners, customers, and other entities as required or deemed appropriate.
- The reporter will be informed about the outcome of the assessment.
Note: It can happen, that the parties disagree on the existence or severity of a vulnerability. In that case, independent party might be included for testing and analysis of vulnerability. |
Treatment
 |
- Identified and validated vulnerabilities will be treated in an appropriate way to minimize or eliminate the risks of exploitation.
- The treatment of a vulnerability will be tested also on additional supported products, solutions, services, and its versions.
- The developed remediation solution will be available to the reporter for review and discussion.
|
Disclosure
 |
- Landis+Gyr believes that reporters are submitting the findings of security vulnerabilities with ethical intentions to improve the industry.
- Landis+Gyr productCERT is committed to improving its products and services. Landis+Gyr requests keeping any vulnerability finding confidential, to ensure mutual trust and flexibility in working with the productCERT team towards the release of a patch.
- Based on consent, the reporter will be acknowledged as appropriate in disclosure communications.
|
NOTE: Landis+Gyr highly appreciates opportunities to improve its products and services. Keep in mind, testing for vulnerabilities has its own rules and limits. Landis+Gyr does not allow non sanctioned penetration tests against the company, products, or solutions without consent. The process described is designed for managing product and service vulnerabilities only and should not be used for solicitation or other types of product issues or requests.